In today’s world, password security is part of our financial security. As financial advisors, we’re very aware of this and take measures to protect our clients every day. However, we also want our clients to take measures to protect themselves. One of the ways you can protect yourself is by getting a handle on your system for passwords and how you store them.
Use Complex Passwords
Let’s first review what a complex, secure password looks like. Passwords should be:
- At least 16 characters long if possible
- A variety of numbers, symbols, and upper- and lower-case letters
- Nonsensical if you’re using words, i.e., they shouldn’t be phrases or guessable based on your personal information
- Unique, i.e., you shouldn’t use the same password for multiple sites
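As an added illustration (not part of the original article), the criteria above can be written as a short Python generator and checker. The function names and the personal-information list are assumptions made for this example, and the checker can only flag personal details you supply, not every guessable phrase.

```python
import secrets
import string

MIN_LENGTH = 16  # the article's recommended minimum
CLASSES = {
    "lower-case letter": string.ascii_lowercase,
    "upper-case letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}


def generate_password(length=MIN_LENGTH):
    """Return a random password that contains every character class."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    alphabet = "".join(CLASSES.values())
    while True:
        # secrets draws from the operating system's secure random source.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until all four classes appear, so no position is predictable.
        if all(any(c in chars for c in candidate) for chars in CLASSES.values()):
            return candidate


def check_password(password, personal_info=(), already_used=()):
    """Return the list of the article's criteria that `password` fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    lowered = password.lower()
    for item in personal_info:
        # Ignore very short items, which would match almost anything.
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal information: {item}")
    if password in already_used:
        problems.append("already used for another site")
    return problems


# Constructed sample values, for illustration only.
weak = "Rover1985!"
print(check_password(weak, personal_info=["Rover", "1985"], already_used={weak}))
print(check_password(generate_password()))  # []
```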
Add Additional Security Layers
On top of creating a complex and secure password, we also encourage clients to add further layers of security to their financial logins. Here are some of the layers you can add:
Security Questions. When filling these out, use answers that are nonsensical so hackers can’t look up your information, such as where you went to elementary school or what your mother’s maiden name was.
Two-Factor Authentication. Sign up for two-factor or multi-factor authentication if offered, which requires you to enter a code from a text, call, or email, or from an authentication app on your phone every time you log in. This helps prevent someone from accessing your online platform by guessing your password or running a password cracker.
Verbal Password. You can add a verbal password or PIN at most banks for an added layer of security in case someone tries to call in as you. Each time you call in, you’ll be asked for the verbal password or PIN to confirm your identity before any data is shared or any transactions are placed. Many financial advisors will also allow you to use a verbal password. Of note, your verbal password or PIN shouldn’t be personal information that a hacker could look up and guess.
Review Financial Statements. We highly recommend reviewing financial statements for your accounts and credit cards to be sure there aren’t any strange transactions, as hackers now process “test” transactions for normal-looking purchases. For example, someone ran a $17.99 transaction for Netflix on my credit card; however, I’m not the one in my family that pays for Netflix, so I notified my credit card company of this strange transaction after reviewing my statement.
It can be hard to get started with making these changes to our current password system—until we are forced into doing so. A few years ago, I had someone hack the non-complex and unsecure password that I used for many of my logins, so I ended up spending hours tracking down logins and changing passwords. It was a painful process, and I wouldn’t want anyone else to have to go through the same. I encourage you to get started before this happens to you; at a minimum, work on these changes for your financial accounts now and then perhaps do the same on a rolling basis for your other logins.
Use a Password Manager
Part of why it’s hard to get started on these changes is not having a secure, organized storage solution for your passwords. Historically I’ve seen people use a Word document or Excel spreadsheet to catalog these; however, cloud-based password managers have been available for a while now. There are several advantages to using a cloud-based password manager. Password managers:
- Allow you to store all your passwords in one organized and easy-to-search place
- Only require you to remember one password
- Are encrypted, so they keep your information secure
- Are cloud-based, so your data won’t be lost if you lose a device
- Can auto-generate complex, secure passwords for you
- Allow you to store nonsensical security question answers
- Are accessible from multiple devices, such as your phone and computer
- Can auto-fill your passwords for websites on your phone and computer like your browser does
- Allow you to share passwords with family members
- Don’t have a password reset option, which adds another layer of security
If you’re interested in using a password manager, check out LastPass, 1Password, Dashlane, and Keeper. We use LastPass here at Merriman and have included a visual of LastPass’s example “vault” below.
If you’re worried about potential password manager hackers, think about adding a fake letter or digit to all your passwords and know that you’ll need to go delete that specific letter or digit when you enter your passwords. Also keep in mind that additional security layers, such as two-factor authentication, should keep hackers from being able to log in easily with just your password.
Passwords are very important for your financial security. It’s not a matter of if—it’s a matter of when someone hacks your login information. By taking some of the steps outlined here, you can make it much easier for you to manage your passwords while at the same time making it massively harder for hackers to access your online logins and information.
As advisors, we not only help our clients with their investments and financial plans, but we also help them understand the current cybersecurity landscape and how to keep their information safe. If you have any questions about your financial security, please don’t hesitate to reach out to us. We’re always happy to help you and those you care about!
Disclosure: The material is presented solely for information purposes and has been gathered from sources believed to be reliable, however Merriman cannot guarantee the accuracy or completeness of such information, and certain information presented here may have been condensed or summarized from its original source. Merriman does not provide tax, legal or accounting advice, and nothing contained in these materials should be relied upon as such.